60d03b11f7e06c9b3b2bed8c0d2336098b581988f597dc90e0149254d40a7f4d

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2023 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.14635.21399.exe
Size

2.2MB
MD5

cfe528f7dc8ba4c4595f2198c5c00275
SHA1

d09bef716209c4c32596bf3644d3e6ff2e4f8c8a
SHA256

60d03b11f7e06c9b3b2bed8c0d2336098b581988f597dc90e0149254d40a7f4d
SHA512

a45365e027e9a652391aa0fd2189b1ccd8f1afd572d6a60bb733d8ab088e6352f4955de9260f3c8350036328b9015cc8b403541cac5a05f36f6a7b14cb269145
SSDEEP

49152:Wf0uOckMkvhcdfB7gBv90liJzB6XNm+sLpRIM6iDIsD9FrBX:WsuTL1yhGsoX5i6zinJBBX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1472	rundll32.exe
2680	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 3436	4576	SecuriteInfo.com.Win32.TrojanX-gen.14635.21399.exe	87
PID 4576 wrote to memory of 3436	4576	SecuriteInfo.com.Win32.TrojanX-gen.14635.21399.exe	87
PID 4576 wrote to memory of 3436	4576	SecuriteInfo.com.Win32.TrojanX-gen.14635.21399.exe	87
PID 3436 wrote to memory of 3104	3436	cmd.exe	89
PID 3436 wrote to memory of 3104	3436	cmd.exe	89
PID 3436 wrote to memory of 3104	3436	cmd.exe	89
PID 3104 wrote to memory of 1472	3104	control.exe	91
PID 3104 wrote to memory of 1472	3104	control.exe	91
PID 3104 wrote to memory of 1472	3104	control.exe	91
PID 1472 wrote to memory of 1756	1472	rundll32.exe	92
PID 1472 wrote to memory of 1756	1472	rundll32.exe	92
PID 1756 wrote to memory of 2680	1756	RunDll32.exe	93
PID 1756 wrote to memory of 2680	1756	RunDll32.exe	93
PID 1756 wrote to memory of 2680	1756	RunDll32.exe	93

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.14635.21399.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.14635.21399.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\AKPM4BY.cmD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3436
- - C:\Windows\SysWOW64\control.exe
    CONtRoL.Exe "C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\8TH.L"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3104
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\8TH.L"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1472
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\8TH.L"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1756
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\8TH.L"
        6⤵
        Loads dropped DLL
        
        PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\8TH.L

Filesize
2.3MB

MD5
d8086cdd814c30c0583d3cfa1ea67357

SHA1
d8374cfac3874792859e04974e94f6391403272f

SHA256
29345a57ccfbb92607c7f51cf889f4c700e4af1fc84a7893ecde2bacca75d677

SHA512
fa8c5f3fb8719df687dfebf136bffb1eeef9fcef8e334fe07b79a4bba8b6f414080998939de522ed170e0f3f78917a4d6041b33497da2224f51b10df7e97b4c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\8tH.l

Filesize
2.3MB

MD5
d8086cdd814c30c0583d3cfa1ea67357

SHA1
d8374cfac3874792859e04974e94f6391403272f

SHA256
29345a57ccfbb92607c7f51cf889f4c700e4af1fc84a7893ecde2bacca75d677

SHA512
fa8c5f3fb8719df687dfebf136bffb1eeef9fcef8e334fe07b79a4bba8b6f414080998939de522ed170e0f3f78917a4d6041b33497da2224f51b10df7e97b4c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\8tH.l

Filesize
2.3MB

MD5
d8086cdd814c30c0583d3cfa1ea67357

SHA1
d8374cfac3874792859e04974e94f6391403272f

SHA256
29345a57ccfbb92607c7f51cf889f4c700e4af1fc84a7893ecde2bacca75d677

SHA512
fa8c5f3fb8719df687dfebf136bffb1eeef9fcef8e334fe07b79a4bba8b6f414080998939de522ed170e0f3f78917a4d6041b33497da2224f51b10df7e97b4c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E1A8AC7\aKPm4bY.cmd

Filesize
27B

MD5
6e25043296a42ff9f39a5199bdde7911

SHA1
f45abe64072d5f478dce643c320df6ea780a8241

SHA256
42454f773a12875fe06e618c26d60678843cc8d21db2b642124734fa0ac06443

SHA512
2b152f28935ef71e31c5297a72a13e721c4ea560f7c9f2914acf93a7163ff64533dacbb4c52b444fe098a3e621c12790e78fce703ab4fa31b99dfc0805e18502

Download Submit
memory/1472-15-0x0000000002F10000-0x0000000003005000-memory.dmp

Filesize
980KB

Download
memory/1472-11-0x0000000002E00000-0x0000000002F10000-memory.dmp

Filesize
1.1MB

Download
memory/1472-12-0x0000000002F10000-0x0000000003005000-memory.dmp

Filesize
980KB

Download
memory/1472-13-0x0000000002F10000-0x0000000003005000-memory.dmp

Filesize
980KB

Download
memory/1472-9-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/1472-16-0x0000000002F10000-0x0000000003005000-memory.dmp

Filesize
980KB

Download
memory/1472-8-0x0000000000D30000-0x0000000000D36000-memory.dmp

Filesize
24KB

Download
memory/2680-19-0x00000000012A0000-0x00000000012A6000-memory.dmp

Filesize
24KB

Download
memory/2680-21-0x0000000003360000-0x0000000003470000-memory.dmp

Filesize
1.1MB

Download
memory/2680-23-0x0000000003470000-0x0000000003565000-memory.dmp

Filesize
980KB

Download
memory/2680-25-0x0000000003470000-0x0000000003565000-memory.dmp

Filesize
980KB

Download
memory/2680-26-0x0000000003470000-0x0000000003565000-memory.dmp

Filesize
980KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads